Sunday, January 28, 2007

IE7 and * SSL Certificates

We have found that the * SSL Certificate has been helpful when hosting hundreds of unt.edu domains, but have just found that IE7 throws the following warning when the user hits a *.*.unt.edu site, (ie https://www.art.unt.edu):

There is a problem with this website’s security certificate.

The security certificate presented by this website was issued for a different website’s address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.We recommend that you close this webpage and do not continue to this website.Click here to close this webpage.Continue to this website (not recommended).More information

If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.When going to a website with an address such as https://example.com, try adding the ‘www’ to the address, https://www.example.com.If you choose to ignore this error and continue, do not enter private information into the website.

For more information, see “Certificate Errors” in Internet Explorer Help.

The fix is to open Internet Options in IE7, and then to uncheck the “Warn about certificates address mismatch”:

Restart IE7, and the error will now go away. I applaud the IE7 team for wanting to make browsing more secure with IE7, but I think that turning this on by default, (so soon in the lifecycle), really makes it difficult for the industry, (and us), to match the browsing expectations of our user audience…